CHANGELOG.md 31.1 KB
Newer Older
1 2 3
- git_clone:
  - The working tree is explicitly checked for modified files, to prevent mysterious failures.

4 5 6
- Installation
  - OPENEDX_RELEASE is now required, to prevent accidental installation of master.

7 8 9
- XQueue
  - Expose CLOUDWATCH_QUEUE_COUNT_METRIC which is defined XQueue's settings.py for further dictionary structure

10 11 12
- nginx:
  - remove nginx_cfg - an internal variable that was really only used for the edx-release nginx site, which served version.{html,json} off of a nonstandard port.  The file it served was never populated.

13 14 15
- Role: edxapp
  - Create EDXAPP_CMS_GUNICORN_TIMEOUT and EDXAPP_LMS_STATIC_URL_BASE to allow overriding of the gunicorn timeout

16 17 18
- Structure: edx-east
  - Deprecated the edx-east folder, playbooks now live in the top level directory instead of edx-east/playbooks. A symbolic link was added for now, but should not be relied upon.

19 20 21
- Role: edxapp
  - EDXAPP_NGINX_SKIP_ENABLE_SITES added to allow you to not sync in the lms or cms nginx configuration.  Instead you can enable them during deployment.
  - EDXAPP_NGINX_DEFAULT_SITES added to allow you to mark both lms and cms as defaults, best paired with picking which site to enable during deployment.
22
  - EDXAPP_LMS_STATIC_URL_BASE and EDXAPP_CMS_STATIC_URL_BASE allow a per-application setting of the static URL.  You can stil use EDXAPP_STATIC_URL_BASE for now but we may retire that as we continue to separate LMS and CMS.
23

24 25 26
- Role: XQueue
  - Convert to a yaml config (instead of xqueue.auth.json and xqueue.env.json we get xqueue.yml and it lives by default in /edx/etc/xqueue.yml like standard IDAs)
  - Add XQUEUE_DEFAULT_FILE_STORAGE so that you can specify S3 or Swift in your config
27
  - XQUEUE_SETTINGS now prefers production.py over aws_settings.py
28

29 30 31
- Role: credentials
  - Set `LANGUAGE_COOKIE_NAME` so that Credentials will use the global language cookie.

32 33 34
- Role: edxapp
  - Added `PASSWORD_POLICY_COMPLIANCE_ROLLOUT_CONFIG` to make configurable whether password complexity is checked on login and how such complexity is rolled out to users.

35
- Role: certs
36
  - Added `CERTS_QUEUE_POLL_FREQUENCY` to make configurable the certificate agent's queue polling frequency.
37

38 39 40
- Role: edxapp
  - Added `RETIREMENT_STATES` to generic_env_config to support making the retirement workflow configurable.

41 42
- Removed Vagrantfiles for devstack and fullstack, and supporting files.

43 44
- Role: xqueue
  - Added XQUEUE_SUBMISSION_PROCESSING_DELAY and XQUEUE_CONSUMER_DELAY to xqueue env so they can be passed along to the app.
45

46
- Role: edxapp
47 48 49
  - Moved `PASSWORD_MIN_LENGTH`, `PASSWORD_MAX_LENGTH`, and `PASSWORD_COMPLEXITY` to generic_env_config to allow CMS and LMS to share these configurations

- Role: edxapp
50
  - Added GOOGLE_SITE_VERIFICATION_ID to move a previously hardcoded value into configuration.
51 52
  - Changed `EDXAPP_RETIRED_USERNAME_FMT` to `EDXAPP_RETIRED_USERNAME_PREFIX`. Changed/split `EDXAPP_RETIRED_EMAIL_FMT` to be `EDXAPP_RETIRED_EMAIL_PREFIX` and `EDXAPP_RETIRED_EMAIL_DOMAIN`.

53 54
- Role xqueue
  - Removed RabbitMQ in earlier changes in XQueue itself, we don't need any of the configuration
55
    XQUEUE_RABBITMQ_USER XQUEUE_RABBITMQ_PASS XQUEUE_RABBITMQ_VHOST XQUEUE_RABBITMQ_HOSTNAME
56
    XQUEUE_RABBITMQ_PORT XQUEUE_RABBITMQ_TLS
57 58
  - Added NEWRELIC_APPNAME and NEWRELIC_LICENSE_KEY to the configuration files consumed by XQueue.
    Useful for external utilities that are reporting NR metrics.
59 60
  - Added XQUEUE_CONSUMER_NEWRELIC_APPNAME which is added to the supervisor start of xqueue_consumer
    if you have New Relic enabled.
61
  - Retired XQUEUE_WORKERS_PER_QUEUE
62

63 64 65 66
- Role edx_django_service
  - Added maintenance page under the flag EDX_DJANGO_SERVICE_ENABLE_S3_MAINTENANCE.
  - Added the s3_maintenance.j2 file to point to the s3 maintenance page.

67 68
- Role: xqueue
  - Added XQUEUE_MYSQL_CONN_MAX_AGE so that you can have xqueue use django's persistent DB connections
69

70 71 72
- Role: edxapp
  - Added empty `EDXAPP_PASSWORD_COMPLEXITY` setting to ease overriding complexity.

73 74 75 76 77 78
- Role: splunkforwarder
  - Updated the role so the splunkforwarder can be installed on Amazon Linux OS environment, which is a RHEL variant

- Role: server_utils
  - Update to only do things for debian varient environment

79 80 81 82
- Role: xqueue
  - Added `XQUEUE_SESSION_ENGINE` to allow a configurable xqueue session engine.
  - Added `XQUEUE_CACHES` to allow a configurable xqueue cache.

83 84 85 86 87 88
- Role: devpi
  - New role added to configure a devpi service as a pass-through cache for PyPI.

- Role: devpi_consumer
  - Added role to configure Python containers to use devpi for Docker Devstack

Kevin Falcone committed
89 90 91
- Role: xqueue
  - Remove S3_BUCKET and S3_PATH_PREFIX - they were deprecated prior to ginkgo
  - Remove SERVICE_VARIANT - it was copied from edxapp but never truly used (except to complicate things)
92 93
  - The manage_users management command is only run when disable_edx_services is false (previously this play would try
    to update databases while building images, where services are generally disabled).
Kevin Falcone committed
94

95
- Role: edxapp
96 97
  - Added `EDXAPP_RETIRED_USERNAME_FMT`, `EDXAPP_RETIRED_EMAIL_FMT`, `EDXAPP_RETIRED_USER_SALTS`, and
  `EDXAPP_RETIREMENT_SERVICE_WORKER_USERNAME` to generic_env_config to allow user retirement to be configurable.
98 99

- Role: edxapp
100 101 102
  - Added `ENTERPRISE_REPORTING_SECRET` to CMS auth settings to allow edx-enterprise migrations to run.

- Role: edxapp
103
  - Added `EDXAPP_FERNET_KEYS` to allow for use of django-fernet-keys in LMS.
104

105
- Role: edxapp
106 107 108 109
  - Added `EDXAPP_DEFAULT_COURSE_VISIBILITY_IN_CATALOG` setting (defaults to `both`).

  - Added `EDXAPP_DEFAULT_MOBILE_AVAILABLE` setting (defaults to `false`).

110 111 112
  - Added `EDX_PLATFORM_REVISION` (set from `edx_platform_version`). This is for
  edx-platform debugging purposes, and replaces calling dealer.git at startup.

muhammad-ammar committed
113 114 115
- Role: veda_pipeline_worker
  - New role to run all (`deliver, ingest, youtubecallback`) [video pipeline workers](https://github.com/edx/edx-video-pipeline/blob/master/bin/)

116 117 118
- Role: veda_ffmpeg
  - New role added to compile ffmpeg for video pipeline. It will be used as a dependency for video pipeline roles.

119 120 121
- Role: edxapp
  - Added `EDXAPP_BRANCH_IO_KEY` to configure branch.io journey app banners.

122 123 124
- Role: ecomworker
  - Added `ECOMMERCE_WORKER_BROKER_TRANSPORT` with a default value of 'ampq' to be backwards compatible with rabbit.  Set to 'redis' if you wish to use redis instead of rabbit as a queue for ecommerce worker.

125
- Role: ecommerce
126
  - Added `ECOMMERCE_BROKER_TRANSPORT` with a default value of 'ampq' to be backwards compatible with rabbit.  Set to 'redis' if you wish to use redis instead of rabbit as a queue for ecommerce.
127

128 129 130
- Role: credentials
  - This role is now dependent on the edx_django_service role. Settings are all the same, but nearly all of the tasks are performed by the edx_django_service role.

131 132 133
- Role: veda_delivery_worker
  - New role added to run [video delivery worker](https://github.com/edx/edx-video-pipeline/blob/master/bin/deliver)

134 135 136
- Role: veda_web_frontend
  - New role added for [edx-video-pipeline](https://github.com/edx/edx-video-pipeline)

137
- Role: edxapp
138 139 140
  - Added `EDXAPP_LMS_INTERNAL_ROOT_URL` setting (defaults to `EDXAPP_LMS_ROOT_URL`).

- Role: edxapp
141 142 143 144 145 146 147
  - Added `EDXAPP_CELERY_BROKER_TRANSPORT` and renamed `EDXAPP_RABBIT_HOSTNAME`
    to `EDXAPP_CELERY_BROKER_HOSTNAME`. This is to support non-amqp brokers,
    specifically redis. If `EDXAPP_CELERY_BROKER_HOSTNAME` is unset it will use
    the value of `EDXAPP_RABBIT_HOSTNAME`, however it is recommended to update
    your configuration to set `EDXAPP_CELERY_BROKER_TRANSPORT` explicitly.

- Role: edxapp
148
  - Added `EDXAPP_MONGO_REPLICA_SET`, which is required to use
149 150 151 152 153 154 155 156 157 158 159 160 161 162
    pymongo.MongoReplicaSetClient in PyMongo 2.9.1.  This should be set to the
    name of your replica set.
    This setting causes the `EDXAPP_*_READ_PREFERENCE` settings below to be used.
  - Added `EDXAPP_MONGO_CMS_READ_PREFERENCE` with a default value of `PRIMARY`.
  - Added `EDXAPP_MONGO_LMS_READ_PREFERENCE` with a default value of
    `SECONDARY_PREFERED` to distribute the read workload across the replica set
    for replicated docstores and contentstores.
  - Added `EDXAPP_LMS_SPLIT_DOC_STORE_READ_PREFERENCE` with a default value of
    `EDXAPP_MONGO_LMS_READ_PREFERENCE`.
  - Added `EDXAPP_LMS_DRAFT_DOC_STORE_CONFIG` with a default value of
    `EDXAPP_MONGO_CMS_READ_PREFERENCE`, to enforce consistency between
    Studio and the LMS Preview modes.
  - Removed `EDXAPP_CONTENTSTORE_ADDITIONAL_OPTS`, since there is no notion of
    common options to the content store anymore.
163

nadeemshahzad committed
164 165 166
- Role: nginx
  - Modified `lms.j2` , `cms.j2` , `credentials.j2` , `edx_notes_api.j2` and `insights.j2` to enable HTTP Strict Transport Security
  - Added `NGINX_HSTS_MAX_AGE` to make HSTS header `max_age` value configurable and used in templates
167

168 169 170
- Role: server_utils
  - Install "vim", not "vim-tiny".

171 172 173
- Role: edxapp
  - Added GOOGLE_ANALYTICS_TRACKING_ID setting for inserting GA tracking into emails generated via ACE.

174 175 176
- Role: notifier
  - Added notifier back to continuous integration.

177 178 179
- Role: ecommerce
  - This role is now dependent on the edx_django_service role. Settings are all the same, but nearly all of the tasks are performed by the edx_django_service role.

180
- Role: discovery
181 182 183 184 185 186
  - Added `DISCOVERY_REPOS` to allow configuring discovery repository details.

- Role: edx_django_service
  - Made the keys `edx_django_service_git_protocol`, `edx_django_service_git_domain`, and `edx_django_service_git_path` of `edx_django_service_repos` all individually configurable.

- Role: discovery
187 188
  - Updated LANGUAGE_CODE to generic english. Added configuration for multilingual language package django-parler.

189 190 191
- Role: edxapp
  - Added `EDXAPP_EXTRA_MIDDLEWARE_CLASSES` for configuring additional middleware logic.

192 193 194
- Role: discovery
  - Added `OPENEXCHANGERATES_API_KEY` for retrieving currency exchange rates.

195
- Role: edxapp
196 197 198 199
  - Added `EDXAPP_SCORM_PKG_STORAGE_DIR`, with default value as it was in the server template.
  - Added `EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT`, with default value as it was in the server template.

- Role: edxapp
200
  - Added `EDXAPP_ENTERPRISE_TAGLINE` for customized header taglines for different enterprises.
201
  - Added `EDXAPP_PLATFORM_DESCRIPTION` used to describe the specific Open edX platform.
202 203

- Role: edxapp
204 205 206
  - Added `EDXAPP_REINDEX_ALL_COURSES` to rebuild the course index on deploy. Disabled by default.

- Role: edxapp
207 208 209
  - Added `ENTERPRISE_SUPPORT_URL` variable used by the LMS.

- Role: edxapp
210 211
  - Added OAUTH_DELETE_EXPIRED to enable automatic deletion of edx-django-oauth2-provider grants, access tokens, and refresh tokens as they are consumed. This will not do a bulk delete of existing rows.

212 213 214 215
- Role: mongo_3_2
  - Added role for mongo 3.2, not yet in use.
  - Removed MONGO_CLUSTERED variable. In this role mongo replication is always configured, even if there is only one node.

216 217 218
- Role: edxapp
  - Added creation of enterprise_worker user to provisioning. This user is used by the edx-enterprise package when making API requests to Open edX IDAs.

Adam Palay committed
219
- Role: neo4j
220 221 222
  - Increase heap and page caches sizes for neo4j

- Role: neo4j
Adam Palay committed
223
  - Updated neo4j to 3.2.2
224
  - Removed authentication requirement for neo4j
Adam Palay committed
225

226 227 228
- Role: forum
  - Added `FORUM_REBUILD_INDEX` to rebuild the ElasticSearch index from the database, when enabled.  Default: `False`.

229 230 231 232
- Role: nginx
  - Added `NGINX_EDXAPP_CMS_APP_EXTRA`, which makes it possible to add custom settings to the site configuration for Studio.
  - Added `NGINX_EDXAPP_LMS_APP_EXTRA`, which makes it possible to add custom settings to the site configuration for the LMS.

233 234 235 236
- Role: edxapp
  - Let `confirm_email` in `EDXAPP_REGISTRATION_EXTRA_FIELDS` default to `"hidden"`.
  - Let `terms_of_service` in `EDXAPP_REGISTRATION_EXTRA_FIELDS` default to `"hidden"`.

237 238
- Role: ecommerce
  - Added ECOMMERCE_LANGUAGE_COOKIE_NAME which is the name of the cookie the ecommerce django app looks at for determining the language preference.
239

Adam Palay committed
240 241 242 243 244
- Role: neo4j
  - Enabled splunk forwarding for neo4j logs.
  - Increased maximum amount of open files to 40000, as suggested by neo4j.
  - Updated the java build that neo4j uses to run.

245
- Role: edxapp
246 247 248 249
  - Set the default value for EDXAPP_POLICY_CHANGE_GRADES_ROUTING_KEY to
 'edx.lms.core.default'.

- Role: edxapp
250 251 252
  - Set the default value for EDXAPP_BULK_EMAIL_ROUTING_KEY_SMALL_JOBS to
 'edx.lms.core.low'.

253 254 255
- Role: jenkins_master
  - Update pinned use of JDK7 in Jenkins installs to default JDK version from role `oraclejdk`.

256 257 258 259
- Role: notifier
  - Added `NOTIFIER_DATABASE_ENGINE`, `NOTIFIER_DATABASE_NAME`, `NOTIFIER_DATABASE_USER`, `NOTIFIER_DATABASE_PASSWORD`, `NOTIFIER_DATABASE_HOST`, and `NOTIFIER_DATABASE_PORT` to be able to configure the `notifier` service to use a database engine other than sqlite. Defaults to local sqlite.
  - Deprecated: `NOTIFIER_DB_DIR`: Please use `NOTIFIER_DATABASE_NAME` instead.

260 261 262 263
- Role: elasticsearch
  - Replaced `elasticsearch_apt_key` and `elastic_search_apt_keyserver` with `elasticsearch_apt_key_url`
  - Updated elasticsearch version to 1.5.0

264
- Role: edxapp
265 266 267
  - Install development.txt in Vagrant and Docker devstacks

- Role: edxapp
268 269 270
  - Set the EDXAPP_IMPORT_EXPORT_BUCKET setting to an empty string

- Role: edxapp
271 272
  - Updated default value of the EDXAPP_ENTERPRISE_COURSE_ENROLLMENT_AUDIT_MODES setting to ["audit", "honor"]

273 274 275 276 277
- Role: edx_notes_api
  - Removed EDX_NOTES_API_ELASTICSEARCH_HOST.
  - Removed EDX_NOTES_API_ELASTICSEARCH_PORT.
  - EDX_NOTES_API_ELASTICSEARCH_URL.

278
- Role: edxapp
279
  - Added the EDXAPP_ACTIVATION_EMAIL_SUPPORT_LINK URL with default value `''`.
280
  - Added the EDXAPP_PASSWORD_RESET_SUPPORT_LINK URL with default value `''`.
281

282 283 284 285 286 287 288 289 290 291 292 293 294
- Role: nginx
  - Modified `server-template.j2` to be more accessible and configurable.
  - The template should contain the `lang` attribute in the HTML tag.
  - If the image loaded has some meaning, as a logo, it should have the `alt` attribute.
  - After the header 1 (h1) there is no relevant text content, so next it can not be
    another header (h2). It was changed to be a paragraph with the header 2 CSS style.
  - Added `NGINX_SERVER_ERROR_IMG_ALT` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_LANG` with default value `en`
  - Added `NGINX_SERVER_ERROR_STYLE_H1` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_STYLE_P_H2` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_STYLE_P` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_STYLE_DIV` with default value as it was in the server template

295
- Role: edxapp
296 297 298 299
  - Added the EDXAPP_SHOW_HEADER_LANGUAGE_SELECTOR feature flag with default value [false]
  - Added the EDXAPP_SHOW_FOOTER_LANGUAGE_SELECTOR feature flag with default value [false]

- Role: edxapp
300 301 302
  - Added the EDXAPP_ENTERPRISE_COURSE_ENROLLMENT_AUDIT_MODES setting with default value ["audit"]

- Role: edxapp
303
  - DOC_LINK_BASE settings have been removed, replaced by HELP_TOKENS_BOOKS
304 305

- Role: edxapp
306
  - Add the EDXAPP_LANGUAGE_COOKIE setting
307

Kevin Falcone committed
308 309 310 311 312 313
- Role: rabbitmq
  - Upgraded to 3.6.9
  - Switched to a PPA rather than a .deb hosted in S3
  - Note that you generally cannot upgrade RabbitMQ live in place https://www.rabbitmq.com/clustering.html
    this is particularly true coming from 3.2 to 3.6.  We are using the shovel plugin to move tasks across clusters
    but their documentation covers different scenarios.
314
- Role: edxapp
315 316
  - Added a new EDXAPP_MYSQL_CONN_MAX_AGE, default to 0.  Adjust it to change how long a connection is kept open
  for reuse before it is closed.
317
  - Set preload_app to False in gunicorn config for LMS and Studio.
318 319 320 321
- Role: analytics_api
  - Added `ANALYTICS_API_AGGREGATE_PAGE_SIZE`, default value 10.  Adjust this parameter to increase the number of
    aggregate search results returned by the Analytics API, i.e. in course_metadata: enrollment_modes, cohorts, and
    segments.
322 323
- Role: programs
  - This role has been removed as this service is no longer supported. The role is still available on the [Ficus branch](https://github.com/edx/configuration/releases/tag/open-release%2Fficus.1).
324 325
- Role: xqueue
  - Changed `XQUEUE_RABBITMQ_TLS` default from `true` to `false`.
326 327
- Role: credentials
  - Added `CREDENTIALS_EXTRA_APPS` to enable the inclusion of additional Django apps in the Credentials Service.
Omar Khan committed
328 329 330 331 332
- Role: common
  - Renamed `COMMON_AWS_SYNC` to `COMMON_OBJECT_STORE_LOG_SYNC`
  - Renamed `COMMON_AWS_SYNC_BUCKET` to `COMMON_OBJECT_STORE_LOG_SYNC_BUCKET`
  - Renamed `COMMON_AWS_S3_SYNC_SCRIPT` to `COMMON_OBJECT_STORE_LOG_SYNC_SCRIPT`
  - Added `COMMON_OBJECT_STORE_LOG_SYNC_PREFIX`. Default: `logs/tracking/`
333
  - Added `COMMON_EDXAPP_SETTINGS`. Default: `aws`
Omar Khan committed
334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359
- Role: aws
  - Removed `AWS_S3_LOGS`
  - Added `vhost` role as dependency
- Role: edxapp
  - Added `EDXAPP_SWIFT_USERNAME`
  - Added `EDXAPP_SWIFT_KEY`
  - Added `EDXAPP_SWIFT_TENANT_ID`
  - Added `EDXAPP_SWIFT_TENANT_NAME`
  - Added `EDXAPP_SWIFT_AUTH_URL`
  - Added `EDXAPP_SWIFT_AUTH_VERSION`
  - Added `EDXAPP_SWIFT_REGION_NAME`
  - Added `EDXAPP_SWIFT_USE_TEMP_URLS`
  - Added `EDXAPP_SWIFT_TEMP_URL_KEY`
  - Added `EDXAPP_SWIFT_TEMP_URL_DURATION`
  - Added `EDXAPP_SETTINGS` to allow using a settings file other than `aws.py`. Default: `aws`
  - Renamed `ENABLE_S3_GRADE_DOWNLOADS` to `ENABLE_GRADE_DOWNLOADS`
  - Replaced `EDXAPP_GRADE_STORAGE_TYPE`, `EDXAPP_GRADE_BUCKET` and `EDXAPP_GRADE_ROOT_PATH` with `EDXAPP_GRADE_STORAGE_CLASS` and `EDXAPP_GRADE_STORAGE_KWARGS`
- Role: openstack
  - Added role
- Role: vhost
  - Added as dependency for aws and openstack roles. Handles common functionality for setting up VM hosts
- Role: xqueue
  - Added `XQUEUE_SETTINGS` to specify which settings file to use. Default: `aws_settings`
  - Renamed `XQUEUE_S3_BUCKET` to `XQUEUE_UPLOAD_BUCKET`
  - Renamed `XQUEUE_S3_PATH_PREFIX` to `XQUEUE_UPLOAD_PATH_PREFIX`

Fred Smith committed
360 361 362
- Role: discovery
  - Course Discovery JWT configuration now takes a list of issuers instead of a single issuer.  This change is not backward compatible with older versions of course discovery.

363 364 365
- Role: hadoop_common
  - Enable log retention by default to assist with debugging. Now YARN will retain stdout and stderr logs produced by map reduce tasks for 24 hours. They can be retrieved by running "yarn logs -applicationId YOUR_APPLICATION_ID".

366 367 368 369
- Role: rabbitmq
  - Removed the RABBITMQ_CLUSTERED var and related tooling. The goal of the var was to be able to setup a cluster in the aws environment without having to know all the IPs of the cluster before hand.  It relied on the `hostvars` ansible varible to work correctly which it no longer does in 1.9.  This may get fixed in the future but for now, the "magic" setup doesn't work.
  - Changed `rabbitmq_clustered_hosts` to RABBITMQ_CLUSTERED_HOSTS.

370 371 372
- Role: edxapp
  - Removed SUBDOMAIN_BRANDING and SUBDOMAIN_COURSE_LISTINGS variables

373 374 375
- Role: ora
  - Remove the ora1 role as support for it was deprecated in Cypress.
  - Removed dependencies on ora throughout the playbooks / vagrantfiles.
376 377 378 379
- Role: edxapp
  - Removed XmlModuleStore from the default list of modulestores for the LMS.
  - EDXAPP_XML_MAPPINGS variable no longer exists by default and is not used by the edxapp role.

Clinton Blackburn committed
380 381 382
- Role: ecommerce
  - Removed ECOMMERCE_ORDER_NUMBER_PREFIX variable

383 384 385 386 387 388 389
- Role: edxapp
  - All of the following changes are BACKWARDS-INCOMPATABLE:
    - Renamed two top level variables SEGMENT_IO_LMS_KEY and SEGMENT_IO_KEY to SEGMENT_KEY in {lms|cms].auth.json.
    - Renamed two top level variables in roles/edxapp/defaults/main.yml.  EDXAPP_SEGMENT_IO_LMS_KEY and EDXAPP_SEGMENT_IO_KEY are now EDXAPP_LMS_SEGMENT_KEY and EDXAPP_CMS_SEGMENT_KEY respectively
    - REMOVED two top level variables SEGMENT_IO_LMS and SEGMENT_IO from {lms|cms].auth.json. We will use the existence of the SEGMENT_KEY to to serve the same function that these boolean variables served.
    - REMOVED two top level variables EDXAPP_SEGMENT_IO_LMS and EDXAPP_SEGMENT_IO from roles/edxapp/defaults/main.yml.

Feanil Patel committed
390 391 392
- Updated ansible fork to be based on ansible 1.9.3rc1 instead of 1.9.1
  - Ansible Changelog: https://github.com/ansible/ansible/blob/stable-1.9/CHANGELOG.md

Will Daly committed
393 394 395 396
- Role: edxapp
  - Removed deprecated variables EDXAPP_PLATFORM_TWITTER_URL, EDXAPP_PLATFORM_MEETUP_URL, EDXAPP_PLATFORM_LINKEDIN_URL, and EDXAPP_PLATFORM_GOOGLE_PLUS_URL in favor of EDXAPP_SOCIAL_MEDIA_FOOTER_URLS.  These variables haven't been used in edx-platform since March 17, 2015 (when https://github.com/edx/edx-platform/pull/7383 was merged).  This change is backwards incompatible with versions of edx-platform from before March 17, 2015.
  - Added EDXAPP_MOBILE_STORE_URLS and EDXAPP_FOOTER_ORGANIZATION_IMAGE variables, used in https://github.com/edx/edx-platform/pull/8175 (v3 version of the edx.org footer).

397 398 399
- Updated ansible fork with small bug fix.
  - https://github.com/ansible/ansible/pull/10957

400
- Role: edxapp
401 402 403
  - Removed post.txt from the list of files that will have its github urls replaced with git mirror urls.

- Role: edxapp
404 405 406 407
  - The edxapp role no longer uses checksums to bypass pip installs.
    - pip install will always run for all known requirements files.

- Role: edx-ansible
408 409
  - `/edx/bin/update` no longer runs the ansible command with `--tags deploy`

Max Rothman committed
410
- Role: edxapp
411 412 413
  - Added newrelic monitoring capabilities to edxapp workers. Note that this is a BACKWARDS-INCOMPATABLE CHANGE, as it introduces a new key, `monitor`, to each item in `EDXAPP_CELERY_WORKERS` in `defaults/main.yml`, and plays including this role will fail if that key is not set.

- Role: edxapp
Max Rothman committed
414 415
  - Enabled combined login registration feature by default

416 417 418 419 420 421 422
- Role: analytics_api, xqwatcher, insights, minos, edx_notes_api
  - Expanded `edx_service` role to do git checkout and ec2 tagging
  - Refactored roles that depend on `edx_service` to use the new interface: `minos`, `analytics_api`, `insights`, and `xqwatcher`
  - Refactored name from `analytics-api` to `analytics_api`
  - Changed location of minos' config file from `/edx/etc/minos/minos.yml` to `/edx/etc/minos.yml`
  - Added new `edx_notes_api` role for forthcoming notes api
  - This is a __BACKWARDS INCOMPATABLE__ change and will require additional migrations when upgrading an existing server. While we recommend building from scratch, running the following command _might_ work:
Will Daly committed
423

424 425
      ```
      rm -rf /edx/app/analytics-api /edx/app/ /edx/app/nginx/sites-available/analytics-api.j2 /edx/app/supervisor/conf.d.available/analytics_api.conf
426
      rm -rf /edx/etc/minos
427 428
      ```

429
- Role: notifier
430
  - Refactored `NOTIFIER_HOME` and `NOTIFIER_USER` to `notifier_app_dir` and `notifier_user` to match other roles. This shouldn't change anything since users should've only been overriding COMMON_HOME.
431

432 433 434 435 436 437 438
- Role: gitreload
  - New role added for running
    [gitreload](https://github.com/mitodl/gitreload) that can be used
    for importing courses via github/gitlab Web hooks, or more
    generally updating any git repository that is already checked out
    on disk via a hook.

439 440 441 442 443 444
- Role: analytics-api, edxapp, ora, xqueue, xserver
  - Switched gunicorn from using an entirely command argument based
    configuration to usign python configuration files. Variables for
    extra configuration in the configuration file template, and
    command line argument overrides are available.

445 446 447
- Role: analytics-api, insights
  - Using Django 1.7 migrate command.

448 449 450 451 452 453 454
- Role: edxapp
  - A new var was added to make it easy ot invalidate the default
    memcache store to make it easier to invalidate sessions. Updating
    the edxapp env.json files will result in all users getting logged
    out.  This is a one time penalty as long as the value of `EDXAPP_DEFAULT_CACHE_VERSION`
    is not explicitly changed.

455 456 457 458 459 460
- Role: nginx
  - New html templates for server errors added.
    Defaults for a ratelimiting static page and server error static page.
    CMS/LMS are set to use them by default, wording can be changed in the
    Nginx default vars.

John Jarvis committed
461 462
- Role: edxapp
  - We now have an all caps variable override for celery workers
Feanil Patel committed
463
- Role: common
Will Daly committed
464
  - We now remove the default syslog.d conf file (50-default.conf) this will
Feanil Patel committed
465 466
  break people who have hand edited that file.

467 468 469
- Role: edxapp
  - Updated the module store settings to match the new settings format.

e0d committed
470 471 472 473
- Update, possible breaking change: the edxapp role vars edxapp_lms_env and edxapp_cms_env have
  been changed to EDXAPP_LMS_ENV and EDXAPP_CMS_ENV to indicate, via our convention,
  that overridding them is expected.  The default values remain the same.

John Jarvis committed
474 475 476
- Role: analytics-api
  - Added a new role for the analytics-api Django app.  Currently a private repo

Feanil Patel committed
477 478
- Logrotation now happens hourly by default for all logs.

John Jarvis committed
479 480
- Role: xqwatcher, xqueue, nginx, edxapp, common
  - Moving nginx basic authorization flag and credentials to the common role
John Jarvis committed
481
  - Basic auth will be turned on by default
John Jarvis committed
482

483
- Role: Edxapp
Feanil Patel committed
484 485 486 487
  - Turn on code sandboxing by default and allow the jailed code to be able to write
    files to the tmp directory created for it by codejail.

- Role: Edxapp
488 489 490
  - The repo.txt requirements file is no longer being processed in anyway.  This file was removed from edxplatform
    via pull #3487(https://github.com/edx/edx-platform/pull/3487)

John Jarvis committed
491
- Update `CMS_HOSTNAME` default to allow any hostname that starts with `studio` along with `prod-studio` or `stage-studio`.
492 493

- Start a change log to keep track of backwards incompatible changes and deprecations.
Rohit Karajgi committed
494 495 496 497

- Role: Mongo
  - Fixed case of variable used in if block that breaks cluster configuration
    by changing mongo_clustered to MONGO_CLUSTERED.
498 499

- Role: Edxapp
Will Daly committed
500
  - Added EDXAPP_LMS_AUTH_EXTRA and EDXAPP_CMS_AUTH_EXTRA for passing unique AUTH_EXTRA configurations to the LMS and CMS.
501
    Both variables default to EDXAPP_AUTH_EXTRA for backward compatibility
502 503 504 505 506 507

- Role: ecommerce
  - Renamed `ECOMMERCE_COMPREHENSIVE_THEME_DIR` to `ECOMMERCE_COMPREHENSIVE_THEME_DIRS`, `ECOMMERCE_COMPREHENSIVE_THEME_DIRS`
    is now a list of directories. Change is backward incompatible.
  - Renamed `COMPREHENSIVE_THEME_DIR` to `COMPREHENSIVE_THEME_DIRS`, `COMPREHENSIVE_THEME_DIRS` is now a list of directories.
    Change is backward incompatible.
508 509 510 511 512 513

- Role: Edxapp
  - `EDXAPP_COMPREHENSIVE_THEME_DIR` is deprecated and is maintained for backward compatibility, `EDXAPP_COMPREHENSIVE_THEME_DIRS`
    should be used instead which is a list of directories. `EDXAPP_COMPREHENSIVE_THEME_DIR` if present will have priority over `EDXAPP_COMPREHENSIVE_THEME_DIRS`
  - `COMPREHENSIVE_THEME_DIR` is deprecated and is maintained for backward compatibility, `COMPREHENSIVE_THEME_DIRS` should be used
    instead which is a list of directories. `COMPREHENSIVE_THEME_DIR` if present will have priority over `COMPREHENSIVE_THEME_DIRS`
514 515 516

- Role: edxapp
  - Added COMPREHENSIVE_THEME_LOCALE_PATHS to support internationalization of strings originating from custom themes.
tasawernawaz committed
517 518 519

- Role: edxapp
  - Added `EXPIRING_SOON_WINDOW` to show message to learners if their verification is expiring soon.
520 521 522

- Role: discovery
  - Added `PUBLISHER_FROM_EMAIL` for sending emails to publisher app users.
523 524 525 526

- Role: security
  - Changed SECURITY_UPGRADE_ON_ANSIBLE to only apply security updates.  If you want to retain the behavior of running safe-upgrade,
    you should switch to using SAFE_UPGRADE_ON_ANSIBLE.
Kevin Falcone committed
527

528 529 530
- Role: mongo_2_6
  - Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.

Kevin Falcone committed
531 532 533
- Role: mongo_3_0
  - Changed MONGO_STORAGE_ENGINE to default to wiredTiger which is the default in 3.2 and 3.4 and what edX suggests be used even on 3.0.
    If you have a mmapv1 3.0 install, override MONGO_STORAGE_ENGINE to be mmapv1 which was the old default.
534
  - Support parsing the replset JSON in 3.2 and 3.0
535
  - Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.
536 537

- Role: xqueue
538 539 540
  - Added `XQUEUE_RABBITMQ_TLS` to allow configuring xqueue to use TLS when connecting to the AMQP broker.
  - Added `XQUEUE_RABBITMQ_VHOST` to allow configuring the xqueue RabbitMQ host.
  - Added `XQUEUE_RABBITMQ_PORT` to allow configuring the RabbitMQ port.
541 542

- Role: edxapp
543
  - Added `EDXAPP_CELERY_BROKER_USE_SSL` to allow configuring celery to use TLS.
544 545 546

- Role: ecommerce
  - Added `ECOMMERCE_ENTERPRISE_URL` for the `enterprise` API endpoint exposed by a new service `edx-enterprise` (currently hosted by `LMS`), which defaults to the existing setting `ECOMMERCE_LMS_URL_ROOT`.
547 548 549

- Role: ecommerce
  - Removed `SEGMENT_KEY` which is no longer used.  Segment key is now defined in DB configuration. (https://github.com/edx/ecommerce/pull/1121)
550 551 552

- Role: edxapp
  - Added `EDXAPP_BLOCK_STRUCTURES_SETTINGS` to configure S3-backed Course Block Structures.
553 554 555

- Role: insights
  - Removed `INSIGHTS_FEEDBACK_EMAIL` which is no longer used, as it was deemed redundant with `INSIGHTS_SUPPORT_EMAIL`.
556 557 558

- Role: insights
  - Removed `SUPPORT_EMAIL` setting from `INSIGHTS_CONFIG`, as it is was replaced by `SUPPORT_URL`.
559 560 561 562 563

- Role: insights
  - Added `INSIGHTS_DOMAIN` to configure the domain Insights is deployed on
  - Added `INSIGHTS_CLOUDFRONT_DOMAIN` to configure the domain static files can be served from
  - Added `INSIGHTS_CORS_ORIGIN_WHITELIST_EXTRA` to configure allowing CORS on domains other than the `INSIGHTS_DOMAIN`
564 565 566

- Role: edxapp
  - Added `EDXAPP_VIDEO_IMAGE_SETTINGS` to configure S3-backed video images.
567 568 569

- Role: edxapp
  - Added `EDXAPP_BASE_COOKIE_DOMAIN` for sharing cookies across edx domains.
570 571 572 573

- Role: insights
  - Removed `bower install` task
  - Replaced r.js build task with webpack build task
Kevin Falcone committed
574
  - Removed `./manage.py compress` task
575 576 577

- Role: insights
  - Moved `THEME_SCSS` from `INSIGHTS_CONFIG` to `insights_environment`
Kevin Falcone committed
578 579 580 581

- Role: analytics_api
  - Added a number of `ANALYTICS_API_DEFAULT_*` and `ANALYTICS_API_REPORTS_*` variables to allow more selective specification of database parameters (rather than
      overriding the whole structure).
582 583 584 585 586

- Role: edxapp
  - Remove EDXAPP_ANALYTICS_API_KEY, EDXAPP_ANALYTICS_SERVER_URL, EDXAPP_ANALYTICS_DATA_TOKEN, EDXAPP_ANALYTICS_DATA_URL since they are old and
  no longer consumed.

587 588 589
- Role: edxapp
  - Added `PASSWORD_MIN_LENGTH` for password minimum length validation on reset page.
  - Added `PASSWORD_MAX_LENGTH` for password maximum length validation on reset page.
Ahsan Ulhaq committed
590 591 592 593 594 595 596 597 598 599 600 601 602 603

- Role: credentials
  - Replaced `CREDENTIALS_OAUTH_URL_ROOT` with `COMMON_OAUTH_URL_ROOT` from `common_vars`
  - Replaced `CREDENTIALS_OIDC_LOGOUT_URL` with `COMMON_OAUTH_LOGOUT_URL` from `common_vars`
  - Replaced `CREDENTIALS_JWT_AUDIENCE` with `COMMON_JWT_AUDIENCE` from `common_vars`
  - Replaced `CREDENTIALS_JWT_ISSUER` with `COMMON_JWT_ISSUER` from `common_vars`
  - Replaced `CREDENTIALS_JWT_SECRET_KEY` with `COMMON_JWT_SECRET_KEY` from `common_vars`
  - Replaced `CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_ISSUER` with `COMMON_JWT_ISSUER` from `common_vars`

- Role: ecommerce
  - Replaced `ECOMMERCE_OAUTH_URL_ROOT` with `COMMON_OAUTH_URL_ROOT` from `common_vars`
  - Replaced `ECOMMERCE_OIDC_LOGOUT_URL` with `COMMON_OAUTH_LOGOUT_URL` from `common_vars`
  - Replaced `ECOMMERCE_JWT_SECRET_KEY` with `COMMON_JWT_SECRET_KEY` from `common_vars`
  - Replaced `ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_ISSUER` with `COMMON_JWT_ISSUER` from `common_vars`
604 605 606

- Role: edxapp
  - Added `EDXAPP_VIDEO_TRANSCRIPTS_SETTINGS` to configure S3-backed video transcripts.
607
  - Removed unused `EDXAPP_BOOK_URL` setting
608 609 610

- Role: edxapp
  - Added `EDXAPP_ZENDESK_OAUTH_ACCESS_TOKEN` for making requests to Zendesk through front-end.
Ibrahim committed
611 612 613 614 615 616

- Role: whitelabel
  - Added `WHITELABEL_THEME_DIR` to point to the location of whitelabel themes.
  - Added `WHITELABEL_ADMIN_USER` to specify an admin user.
  - Added `WHITELABEL_DNS` for DNS settings of themes.
  - Added `WHITELABEL_ORG` for whitelabel organization settings.